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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address — 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )KI Responsive to communication(s) filed on 18 September 2008 . 
2a )^ This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-4 and 16-18 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) |EI Claim(s) 1-4 and 16-18 is/are rejected. 

7) 0 Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) Q The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

20 Certified copies of the priority documents have been received in Application No. . 

3.Q Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



Prosecution History Summary 



1. 



Claims 5-15 and 19 are cancelled. 



2. 



Claims 1-4 and 16-18 are pending. 



Claim Rejections - 35 USC §103 



3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject 
matter sought to be patented and the prior art are such that the subject matter as a whole 
would have been obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall not be negatived 
by the manner in which the invention was made. 

4. Claims 1-4 are rejected under 35 U.S.C. 103(a) as being unpatentable over Hacker 
(6,988,075; hereinafter Hacker) in view of Kenneth D Mandl Peter Szolovits, Isaac S Kohane, 
David Markwell, and Rhona MacDonald Public standards and patients' control: how to keep 
electronic medical records accessible but private • Commentary: Open approaches to 
electronic patient records • Commentary: A patient's viewpoint BMJ, Feb 2001; 322: 283 - 
287 (herein after Mandl). 

5. As per claim 1, Hacker discloses a method of permitting controlled access to medical 
information comprising: 
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(1) establishing a storage means for storing the medical information of the patient 
(Hacker: col. 7, lines 21-27); 

(2) establishing a means for accessing the medical information by the patient or any other 
authorized user (Hacker: col. 7, lines 56-66). 

(3) assigning each user with a unique ID (Hacker: col. 7, 43-50) and pin (Hacker: col. 7, 
43-50; i.e. alphanumeric passphrases; col. 7, 60-66) and tracking and notifying the patient of 
who accessed the medical information, what was accessed, and when was access taken place 
(Hacker: col. 7, 66-col. 8, 3). Although Hacker does not explicitly teach who accessed the 
medical information, it is obvious that who accessed the medical information is a pertinent 
information and the prior art suggests providing the information of who accessed the medical 
information. 

Hacker does not explicitly teach controlling an authorization and a scope of access to the 
medical information by the patient according to an assigned role of a user accessing the medical 
information, by modifying an access control list; and wherein the access control list lists each 
authorized user and the assigned role of each authorized user. 

Mandl teaches: 

(3) controlling an authorization and a scope of access to the medical information by the 
patient according to an assigned role of a user accessing the medical information, by modifying 
an access control list (Mandl: p. 284, section Confidentiality). 

Wherein the access control list lists each authorized user and the assigned role of each 
authorized user (Mandl: p. 284, section Confidentiality). 
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It would have been obvious to one of ordinary skill in the art at the time of the invention 
to combine the teachings with the motivation of providing a user with managing their own health 
record and providing a user with a secure data repository of their own medical record (Mandl). 

6. As per claim 2, Hacker discloses the method of claim 1, wherein the storage means is a 
central repository (Hacker: col. 7, lines 21-27). 

7. As per claim 3, Hacker discloses the method of claim 1 , wherein the means for accessing 
the medical information is controlled using a universally unique identifier (Hacker: col. 7, lines 
42-63). 

8. As per claim 4, Hacker discloses the method of claim 1 , wherein said controlling step is 
overridden by a registered emergency provider (Hacker: col. 7, lines 66-67). 

9. Claims 16-18 arc rejected under 35 U.S.C. 103(a) as being unpatentable over Hacker 
(6,988,075; hereinafter Hacker) in view of Kenneth D Mandl Peter Szolovits, Isaac S Kohane, 
David Markwell, and Rhona MacDonald and further in view of Felsher (2002/0010679; 
hereinafter Felsher) . 

10. As per claim 16, Hacker and Mandl disclose the method of claim 1, but do not teach 
wherein the patient is compensated for permitting some of the medical information to be 
available and used by a research institution. 

Felsher teaches wherein the patient is compensated for permitting some of the medical 
information to be available and used by a research institution (Felsher: para. 310). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to combine the teachings with the motivation of providing a medical history that may be of 
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critical importance to the future of healthcare (Felsher: para. 7) and the need for privacy and 
security of a patient's information (Felsher: para. 17). 

11. As per claim 1 7, Hacker and Mandl disclose the method of claim 1 , but do not teach 
wherein during a doctor visit the patient provides access to the medical information for a time 
period long enough to support the visit at which point the access times out. 

Felsher teaches wherein during a doctor visit the patient provides access to the medical 
information for a time period long enough to support the visit at which point the access times out 
(Felsher: para. 354). 

The motivation to combine the teachings is the same as claim 16. 

12. As per claim 18, Hacker and Snowden disclose the method of claim 1 , but do not teach 
wherein access to the patient's medical information expires when a physician logs into another 
room/appointment. 

Felsher teaches wherein access to the patient's medical information expires when a 
physician logs into another room/appointment (Felsher: para. 359; i.e. second communication 
session). 

The motivation to combine the teachings is the same as claim 16. 

Response to Arguments 

13. Applicant's arguments filed for claims 1-4 and 16-18 have been fully considered but they 
are not persuasive. 
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14. Applicant argues that Hacker does not suggest anything unique to the provider, but 
instead a code used in conjunction with the patient bar code or card to access patient sensitive 
information; therefore, Hacker does not disclose assigning each user with a unique ID and pin as 
recited in claim 1. In response to Applicant's argument, Examiner disagrees. Hacker teaches 
providing the provider with appropriate means for input of the unique access identification for 
patient identification and access along with unique passphrases (i.e. pin) to access the patient 
information (Hacker: col. 7, 60-66). Furthermore, claim limitations do not teach or suggest that 
a user is a "provider" and that the unique ID and pin of a user arc unique to a provider. 

15. Applicant argues that Mandl does not suggest using an access control list as the 
mechanism for controlling access. In response to Applicant's argument, Examiner disagrees. 
Mandl discloses the patient having preferences about different parts of his/her medical history by 
providing authorization independently; furthermore teachings that patients grant different access 
rights to different providers based on their role and on the particular individual (Mandl: p. 284; 
section Confidentiality). According to the Applicant's specification, an example of an access 
control list could be providing access to parties based upon their assigned role (para. 23). 

16. Regarding claim 3, Applicant argues that Hacker does not teach a "universally unique 
identifier," rather teaches an identifier that could be specific only to a particular record system. 
In response to applicant's argument that the references fail to show certain features of applicant's 
invention, it is noted that the features upon which applicant relies (i.e., an identifier that could be 
specific only to a particular record system) are not recited in the rejected claim(s). Although the 
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claims are interpreted in light of the specification, limitations from the specification are not read 
into the claims. See In re Van Geuns, 988 F.2d 1 181, 26 USPQ2d 1057 (Fed. Cir. 1993). 

17. Regarding claim 4, Applicant argues that Hacker does not teach the mechanism of 
registration of emergency providers that would prevent the access to information by those 
searching for private information and posing to be an emergency provider. Examiner states that 
Hacker discloses an emergency override of the medical records' security to the medical 
information and providing notification to the patient of what information was release, including 
time, location, pages accessed, etc. Applicant's arguments fail to comply with 37 CFR 1.1 1 1(b) 
because they amount to a general allegation that the claims define a patentable invention without 
specifically pointing out how the language of the claims patentably distinguishes them from the 
references. Furthermore, in response to applicant's argument that the references fail to show 
certain features of applicant's invention, it is noted that the features upon which applicant relies 
(i.e., prevent the access to information by those searching for private information and posing to 
be an emergency provider) are not recited in the rejected claim(s). Although the claims are 
interpreted in light of the specification, limitations from the specification are not read into the 
claims. See In re Van Geuns, 988 F.2d 1 181, 26 USPQ2d 1057 (Fed. Cir. 1993). 

18. Regarding claim 17, Applicant argues that Felsher does not teach "wherein during a 
doctor visit the patient provides access to the medical information for a time period long enough 
to support the visit at which point the access times out." Examiner disagrees and provides 
support in the cited portions for Felsher. Applicant further states that the mechanism of logging 
into another examining room should immediately prevent access from a prior terminal. In 
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response to applicant's argument that the references fail to show certain features of applicant's 
invention, it is noted that the features upon which applicant relies (i.e., mechanism of logging 
into another examining room should immediately prevent access from a prior terminal) are not 
recited in the rejected claim(s). Although the claims are interpreted in light of the specification, 
limitations from the specification are not read into the claims. See In re Van Geuns, 988 
F.2d 1 181, 26 USPQ2d 1057 (Fed. Cir. 1993). 

19. Regarding arguments in Office Action dated 08/07/2008, Applicant argues that Hacker 
does not teach the identification or means of identification of an individual accessing private 
information, and therefore would be unable to provide an accounting as such. Applicant 
provides a mere conclusatory statement regarding Hacker unable to teach "tracking and notifying 
the patient of who accessed the medical information, what was accessed, and when was access 
taken place;" therefore, Examiner maintains the cited portion of Hacker to teach "tracking and 
notifying the patient of who accessed the medical information, what was accessed, and when was 
access taken place." 

Conclusion 

20. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 



2 1 . THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 
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A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

22. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to SHEET AL R. RANGREJ whose telephone number is (571) 270- 
1368. The examiner can normally be reached on M-F 8:30-5:30. 

23. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jerry O'Connor can be reached on (571) 272-6787. The fax phone number for the 
organization where this application or proceeding is assigned is (571) 273-8300. 

24. Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
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system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or (571) 272-1000. 
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Patent Examiner 
Art Unit 3686 

/Gerald J. O'Connor/ 
Supervisory Patent Examiner 
Group Art Unit 3686 



